Skip to content

Translate CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader (zh_tw) #3851

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
timfanda35 wants to merge 1 commit into
base: master
Choose a base branch
from
+37 −0
Open

Translate CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader (zh_tw) #3851

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions zh_tw/news/_posts/2026-03-05-buffer-overflow-zlib-cve-2026-27820.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
layout: news_post
title: "CVE-2026-27820: Zlib::GzipReader 緩衝區溢位漏洞"
author: "hsbt"
translator: "Bear Su"
date: 2026-03-05 00:00:00 +0000
tags: security
lang: zh_tw
---

`Zlib::GzipReader` 中發現了一個緩衝區溢位漏洞。該漏洞的 CVE 編號為 [CVE-2026-27820](https://www.cve.org/CVERecord?id=CVE-2026-27820)。我們建議您升級 zlib gem。

### 風險細節

`zstream_buffer_ungets` 函式在之前產生的輸出前面添加了調用者提供的位元組,但在 memmove 移動現有數據之前未能確保後端 Ruby 字串具有足夠的容量。當緩衝區長度超過容量時,這可能會導致記憶體損壞。

### 建議措施

我們建議將 `zlib` gem 更新至 3.2.3 或更新的版本。為了確保與舊版 Ruby 系列捆綁版本的相容性,您可以使用以下方式更新:

* Ruby 3.2 使用者:更新至 zlib 3.0.1
* Ruby 3.3 使用者:更新至 zlib 3.1.2

您可以使用 `gem update zlib` 進行更新。如果您使用 bundler,請將 `gem "zlib", ">= 3.2.3"` 添加到您的 Gemfile 中。

### 受影響版本

zlib gem 3.2.2 或更低版本。

### 致謝

感謝 [calysteon](https://hackerone.com/calysteon) 發現此問題。
感謝 [nobu](https://github.com/nobu) 協助修復此風險漏洞。

## 歷史

* 最初發布於 2026-03-05 09:00:00 (UTC)
Loading